劍心
2001-08-31, 10:36 PM
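I would like to ask everyone here about IIS 5.0 security vulnerabilities. There are some issues and terms I don't really understand, and I very much hope the experts in this area can clear them up for me so that I can learn something along the way. I work at a technology company and, to my embarrassment, my grasp of server security concepts is lacking, so I have come here to ask for help. Since it isn't convenient to test the company's servers, today I tested my own server at home, which runs Windows 2000 Server for hosting a site (I used the FluxayIV 流光6 hacker software to test my own host). In principle I have downloaded and applied Microsoft's fixes, including all the various small sp3 patches to date, but I don't know whether I have still missed any. In the list below there are some terms, and questions about how to patch the holes, that I would like the experts to help with.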
探測結果
PLUGIN-> 掃描 61.216.92.113 IIS5.0 NULL.Printer Exploit ...成功
--(This part: NULL.Printer Exploit ...成功) I don't know what it means or what it affects, and I don't understand how to fix it.
PORT-> 主机 61.216.92.113 端口 0080 ...開放
PORT-> 主机 61.216.92.113 端口 0021 ...開放
PORT-> 主机 61.216.92.113 端口 0053 ...開放
--(This part I do understand: it should mean that web-80, ftp-21 and dns-53 are open)
IPC-> 主机 61.216.92.113 建立空連接 ...成功
--(建立空連接 ...成功) This part also puzzles me a great deal, as does how to fix it.
CGI-> 檢測 61.216.92.113 /scripts/samples/search/simple.idq ...成功
CGI-> 檢測 61.216.92.113 /scripts/samples/search/query.idq ...成功
CGI-> 檢測 61.216.92.113 /scripts/samples/search/qsumrhit.htw ...成功
CGI-> 檢測 61.216.92.113 /scripts/samples/search/qfullhit.htw ...成功
CGI-> 檢測 61.216.92.113 /scripts/samples/search/filetime.idq ...成功
CGI-> 檢測 61.216.92.113 /scripts/samples/search/filesize.idq ...成功
CGI-> 檢測 61.216.92.113 /scripts/samples/search/author.idq ...成功
FTP-> 主机 61.216.92.113 FTP 版本信息 ...
CGI-> 檢測 61.216.92.113 /scripts/samples/search/queryhit.idq ...成功
CGI-> 檢測 61.216.92.113 /iissamples/issamples/fastq.idq ...成功
CGI-> 檢測 61.216.92.113 /iissamples/exair/search/query.idq ...成功
CGI-> 檢測 61.216.92.113 /iissamples/exair/search/search.idq ...成功
CGI-> 檢測 61.216.92.113 /iissamples/issamples/query.idq ...成功
CGI-> 檢測 61.216.92.113 /iissamples/issamples/oop/qsumrhit.htw ...成功
CGI-> 檢測 61.216.92.113 /iissamples/issamples/oop/qfullhit.htw ...成功
CGI-> 檢測 61.216.92.113 /iissamples/exair/search/qsumrhit.htw ...成功
CGI-> 檢測 61.216.92.113 /iissamples/exair/search/qfullhit.htw ...成功
CGI-> 檢測 61.216.92.113 /index.asp%81 ...成功
CGI-> 檢測 61.216.92.113 /*.idq ...成功
CGI-> 檢測 61.216.92.113 /?PageServices ...成功
CGI-> 檢測 61.216.92.113 /blabla.idq ...成功
CGI-> 檢測 61.216.92.113 /*.ida ...成功
CGI-> 檢測 61.216.92.113 /abczxv.htw ...成功
--(As for this part, I don't understand it either; I would really like to know what is causing the vulnerabilities here)
IPC-> 讀取主机 61.216.92.113 的用戶列表 ...完成(10個用戶)
掃瞄報告
端口掃描
80(HTTP)
21(FTP Control)
53(BIND)
--------------------------------------------------------------------------------
IPC掃描
獲得共享列表
軟體下載區 ww NETLOGON (登入伺服器共用 ) Jota SYSVOL (登入伺服器共用 )
獲得用戶列表
Administrator (Admin) Guest krbtgt TsInternetUser IUSR_DNS IWAM_DNS ton (Admin) svip001 (Admin) svip002 (Admin) jota (Admin)
--(I don't know how to fix the vulnerability in this part)
--------------------------------------------------------------------------------
CGI掃描
WEB版本信息: Microsoft-IIS/5.0
WWW 標題: 測試的網站
掃描成功CGI漏洞
/scripts/samples/search/simple.idq (HTTP: 200 )
/scripts/samples/search/query.idq (HTTP: 200 )
/scripts/samples/search/qsumrhit.htw (HTTP: 200 )
/scripts/samples/search/qfullhit.htw (HTTP: 200 )
/scripts/samples/search/filetime.idq (HTTP: 200 )
/scripts/samples/search/filesize.idq (HTTP: 200 )
/scripts/samples/search/author.idq (HTTP: 200 )
/scripts/samples/search/queryhit.idq (HTTP: 200 )
/iissamples/issamples/fastq.idq (HTTP: 200 )
/iissamples/exair/search/query.idq (HTTP: 200 )
/iissamples/exair/search/search.idq (HTTP: 200 )
/iissamples/issamples/query.idq (HTTP: 200 )
/iissamples/issamples/oop/qsumrhit.htw (HTTP: 200 )
/iissamples/issamples/oop/qfullhit.htw (HTTP: 200 )
/iissamples/exair/search/qsumrhit.htw (HTTP: 200 )
/iissamples/exair/search/qfullhit.htw (HTTP: 200 )
/index.asp%81 (HTTP: 200 )
/*.idq (HTTP: 200 )
/?PageServices (HTTP: 200 )
/blabla.idq (HTTP: 200 )
/*.ida (HTTP: 200 )
/abczxv.htw (HTTP: 200 )
--(I don't know how to fix this CGI scan part)
--------------------------------------------------------------------------------
Plugins
IIS5.0 .Printer Exploit(Grant System Privileges)
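--(I don't know what this description means)
There is so much I don't know that I am truly embarrassed. In principle, I am hoping to learn from your valuable knowledge on the premise of not having to install a firewall. Thank you all in advance.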